Ignore the smallprint

TA!Smallprint!HTML

  09 September 2011

Description

Mixing very big and very small letters: the small ones are likely to be ignored, while the big ones carry the actual message. See also Whiter Shade of Pale.

Submitted by Natalia Zablotskaya (Kaspersky Labs); more at this SecureList blog post.

Example

<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">C</span></font><font style="FONT-FAMILY: garamond,serif" size="1">xaaabbbb </font><font size="6"><span style="FONT-FAMILY: arial black,sans-serif">H</span></font><font style="FONT-FAMILY: garamond,serif" size="1">deeeffff </font><font size="6"><span style="FONT-FAMILY: arial black,sans-serif">E</span></font><font style="FONT-FAMILY: garamond,serif" size="1">hhhhiiij </font><font size="6"><span style="FONT-FAMILY: arial black,sans-serif">A</span></font><font style="FONT-FAMILY: garamond,serif" size="1">kkllllmm </font><font size="6"><span style="FONT-FAMILY: arial black,sans-serif">P</span></font><font style="FONT-FAMILY: garamond,serif" size="1">mnnnnooo </font><br/>

Looks like:

Cxaaabbbb Hdeeeffff Ehhhhiiij Akkllllmm Pmnnnnooo
Prrrsssss Htttuuuvv Avvvwwwwx Raabbbbbb Mccddddee Affgggghh Chhiiiijj Ykkkkklll

The text as seen in spam emails was a link to a website vulnerable to SQL injection. However, nothing is pulled out of a database; instead, using a SELECT query, code is inserted that causes the user to be redirected to a pharmacy website.
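
A filter can undo the trick by reading only the text rendered in large print. The following Python sketch is an added example, not part of the original submission: it rebuilds the large-print message from legacy `<font size>` markup and flags the layout. The function names, the size threshold of 4 and the run-length limits are assumptions.

```python
from html.parser import HTMLParser

class FontSizeSplitter(HTMLParser):
    """Record each text run with the legacy <font size="N"> in effect."""
    def __init__(self):
        super().__init__()
        self.stack = [3]   # 3 is the default size for <font>
        self.runs = []     # (size, text) in document order

    def handle_starttag(self, tag, attrs):
        if tag == "font":
            size = dict(attrs).get("size") or ""
            # Relative sizes ("+2") and CSS font-size are not resolved here;
            # such a tag simply inherits the enclosing size.
            self.stack.append(int(size) if size.isdecimal() else self.stack[-1])

    def handle_endtag(self, tag):
        if tag == "font" and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        if data.strip():
            self.runs.append((self.stack[-1], data.strip()))

def analyse(html, big=4, max_run=2, min_runs=3):
    """Return (large-print message, True if the layout matches the trick)."""
    parser = FontSizeSplitter()
    parser.feed(html)
    parser.close()
    large = [t for s, t in parser.runs if s >= big]
    small = [t for s, t in parser.runs if s < big]
    message = "".join(large)
    # Flag: several tiny large-print fragments outweighed by small-print filler
    suspicious = (len(large) >= min_runs
                  and all(len(t) <= max_run for t in large)
                  and sum(map(len, small)) > len(message))
    return message, suspicious

# Constructed sample that reproduces the markup of the example above
PAIRS = [("C", "xaaabbbb"), ("H", "deeeffff"), ("E", "hhhhiiij"),
         ("A", "kkllllmm"), ("P", "mnnnnooo")]
SAMPLE = "".join(
    f'<font size="6"><span style="FONT-FAMILY: arial black,sans-serif">{cap}</span></font>'
    f'<font style="FONT-FAMILY: garamond,serif" size="1">{filler} </font>'
    for cap, filler in PAIRS) + "<br/>"

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The recovered message can then be passed to the same keyword or URL checks that are applied to ordinary body text.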
